/**
  * Write the configuration file
  */
 public function installConf()
 {
     if ($this->_installConfValidate()) {
         $db_params = $_SESSION['conf_fields'];
         $db_name_string = '$conf[\'db_name\']';
         $db_user_string = '$conf[\'db_user\']';
         $db_pass_string = '$conf[\'db_pass\']';
         $db_port_string = '$conf[\'db_port\']';
         $db_host_string = '$conf[\'db_host\']';
         $conf_file_contents = file_get_contents($this->_appRoot . '/conf/sahana.conf.example');
         $conf_file_contents .= "\n# Database Configuration\n" . "{$db_name_string} = \"{$db_params['db_name']}\";\n" . "{$db_host_string} = \"{$db_params['db_host']}\";\n" . "{$db_user_string} = \"{$db_params['db_user']}\";\n" . "{$db_pass_string} = \"{$db_params['db_pass']}\";\n" . "{$db_port_string} = \"{$db_params['db_port']}\";\n";
         $isImportSuccess = false;
         if ($db_params['db_preference'] == 0) {
             if (shn_create_database($db_params)) {
                 $isImportSuccess = $this->_importData($db_params);
             }
         } else {
             $isImportSuccess = $this->_importData($db_params);
         }
         if ($isImportSuccess) {
             add_confirmation(_t("Data import completed successfully."));
             if (file_put_contents($this->_appRoot . '/conf/sahana.conf', $conf_file_contents)) {
                 add_confirmation(_t("Wrote sahana.conf successfully."));
                 echo _t('<p>Installation Complete. Now you can ') . '<a href="index.php">' . _t('go to the Vesuvius main page.') . '</a>';
             }
         } else {
             add_error(_t("Data import encountered an error: ") . $mysql_import_command);
             $this->writeConfInit();
         }
     } else {
         $this->writeConfInit();
     }
 }
Example #2
0
 /**
  * The function that decides what to do and which page to view.
  *
  * @param $getvars an associative array, representing the GET variables
  *                 from the URL
  * @return void
  */
 function controlHandler($getvars)
 {
     global $dao;
     //first authorize the user
     $ac = new AccessController($getvars);
     if (!$ac->isAuthorized()) {
         return;
     }
     //if authorized, move on to displaying the correct page
     switch ($getvars['vm_action']) {
         case 'process_add':
             global $dao;
             /*
              * First set up a Volunteer object to store all of the
              * POST data
              */
             if ($_SESSION['logged_in'] && !$dao->isVolunteer($_SESSION['user_id'])) {
                 $v = new Volunteer();
                 $v->info['ids'] = array();
                 $v->p_uuid = $_SESSION['user_id'];
                 $shn_user = true;
             } else {
                 if (isset($getvars['p_uuid'])) {
                     $v = new Volunteer($getvars['p_uuid']);
                     $shn_user = false;
                 } else {
                     $v = new Volunteer();
                     $v->info['ids'] = array();
                     $shn_user = false;
                 }
             }
             $v->info['full_name'] = $getvars['full_name'];
             $v->info['ids'][$getvars['id_type']] = trim($getvars['serial']);
             $v->info['gender'] = $getvars['gender'];
             $v->info['dob'] = $getvars['dob'];
             $v->info['date_start'] = $getvars['start_date'];
             $v->info['date_end'] = $getvars['end_date'];
             $v->info['hour_start'] = $getvars['hrs_avail_start'];
             $v->info['hour_end'] = $getvars['hrs_avail_end'];
             $v->info['occupation'] = $getvars['occupation'];
             $v->info['affiliation'] = $getvars['affiliation'];
             $v->info['special_needs'] = $getvars['special_needs'];
             $v->info['locations'] = array();
             shn_get_parents(shn_location_get_form_submit_loc(), $v->info['locations']);
             $v->info['contact'] = array();
             // put every input that begins with 'contact_' into the contact array
             foreach ($getvars as $key => $value) {
                 if (substr($key, 0, strlen('contact_')) == 'contact_') {
                     $v->info['contact'][substr($key, strlen('contact_'))] = $value;
                 }
             }
             $v->info['contact_prefer'] = $getvars['prefered_confirm_medium'];
             //add skills information
             $v_skills = array();
             $skill_ids = $dao->getSkillIDs();
             foreach ($skill_ids as $skill) {
                 if ($getvars["SKILL_{$skill}"] == 'on') {
                     $v_skills[] = $skill;
                 }
             }
             $v->info['skills'] = $v_skills;
             //add Sahana account information if necessary
             if ($getvars['reg_account'] == 'true') {
                 $v->info['account_info'] = array('account_name' => $getvars['full_name'], 'user_name' => $getvars['user_name'], 'pass' => $getvars['pass1']);
                 $v->p_uuid = $getvars['existing_puuid'];
             }
             View::View($v);
             /*
              * Check to see if the POST data is valid and act accordingly
              */
             if ($this->validateAddForm($getvars = array_merge($_REQUEST, $_FILES))) {
                 $v->save($shn_user);
                 // picture
                 $p = $_FILES['picture'];
                 if (!empty($p['tmp_name'])) {
                     $pic = new VMPicture();
                     $pic->original = file_get_contents($p['tmp_name']);
                     $pic->name = $p['name'];
                     $pic->type = $p['type'];
                     $pic->size = $p['size'];
                     $pic->p_uuid = $v->p_uuid;
                     if ($pic->resize()) {
                         $pic->save();
                     } else {
                         add_error(_("The image file is invalid, or is not of a supported type."));
                     }
                 }
                 add_confirmation(_('Changes saved.'));
                 //if we just created a Sahana account, direct the user to log in
                 if (!$_SESSION['logged_in']) {
                     $this->displayPleaseLogin();
                 } else {
                     $this->displayVolunteer($v->p_uuid);
                 }
             } else {
                 if (!empty($getvars['p_uuid'])) {
                     $this->addVolunteer(new Volunteer($getvars['p_uuid']));
                 } else {
                     $this->addVolunteer();
                 }
             }
             break;
         case 'display_add':
             View::View();
             if ($dao->isVolunteer($_SESSION['user_id'])) {
                 //if this user is a volunteer already, display the edit form
                 $this->addVolunteer(new Volunteer($_SESSION['user_id']));
             } else {
                 //otherwise display the add form
                 $this->addVolunteer();
             }
             break;
         case 'display_edit':
             View::View();
             $this->addVolunteer(new Volunteer($getvars['p_uuid']));
             break;
         case 'display_confirm_delete':
             View::View();
             $this->confirmDelete($getvars['p_uuid']);
             break;
         case 'display_change_pass':
             View::View();
             $this->changePass($_SESSION['user_id']);
             break;
         case 'process_change_pass':
             global $global;
             require_once $global['approot'] . 'inc/lib_security/lib_auth.inc';
             if ($this->validateChangePassForm($getvars = $_REQUEST)) {
                 if (shn_change_password($getvars['p_uuid'], $getvars['cur_pass'], $getvars['pass1']) === true) {
                     add_error(SHN_ERR_VM_PASSWORD_NOT_MATCH);
                     $this->changePass($getvars['p_uuid']);
                 } else {
                     add_confirmation(_("Your Password has been updated"));
                 }
             } else {
                 $this->changePass($getvars['p_uuid']);
             }
             break;
         case 'process_delete':
             $v = new Volunteer();
             $v->delete($getvars['p_uuid']);
             View::View();
             $this->displayConfirmation('The requested user was deleted.');
             $extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
             $this->listVolunteers($dao->getVolunteers(), $extra_opts);
             break;
         case 'display_list_all':
             View::View();
             $extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
             $this->listVolunteers($dao->getVolunteers(), $extra_opts);
             $this->showPagingNavigation("index.php?mod=vm&amp;act=volunteer&amp;vm_action=display_list_all");
             break;
         case 'display_list_assigned':
             View::View();
             $extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
             $this->listVolunteers($dao->getVolunteers(null, VM_SHOW_ALL_VOLUNTEERS_ASSIGNED), $extra_opts);
             $this->showPagingNavigation("index.php?mod=vm&amp;act=volunteer&amp;vm_action=display_list_assigned");
             break;
         case 'display_mailbox':
             View::View(new Volunteer($_SESSION['user_id']));
             $this->displayMailbox($getvars['box']);
             break;
         case 'display_message':
             /*
              * Since we are passing $_SESSION['user_id'] as the p_uuid of the user here,
              * we can only view the message (i.e., the query will only succeed) if it belongs
              * to the current logged in user. Therefore, there is no need for extra access
              * control checks on displaying a message here.
              */
             View::View();
             $this->displayMessage($_SESSION['user_id'], $getvars['msg_id'], $getvars['box']);
             break;
         case 'process_delete_message':
             global $dao;
             $dao->deleteMessage($_SESSION['user_id'], $getvars['msg_id'], $getvars['box'] != 'outbox');
             //add_confirmation('_(Message has been deleted'));
             View::View(new Volunteer($_SESSION['user_id']));
             $this->displayMailbox($getvars['box']);
             break;
         case 'display_send_message':
             $this->displaySendMessageForm();
             break;
         case 'process_send_message':
             global $dao;
             if ($this->validateSendMessageForm($getvars = $_REQUEST)) {
                 $message = stripslashes($getvars['message']);
                 $message = strtr($message, array("'" => "\\'"));
                 //have to escape any single quotes otherwise querying won't work
                 $dao->sendMessage($_SESSION['user_id'], $getvars['to'], $message);
                 add_confirmation(_("Message Sent"));
             } else {
                 $to_list = array();
                 $to = $getvars['to'];
                 if (isset($to)) {
                     foreach ($to as $person) {
                         $to_list[$person] = $dao->getPersonName($person);
                     }
                 }
                 $this->displaySendMessageForm($to_list);
             }
             break;
         case 'display_search':
             $advanced = $getvars['advanced'] == 'true';
             $this->openSearchForm();
             $this->displaySearchForm($advanced);
             break;
         case 'process_search':
             global $dao, $global;
             include_once $global['approot'] . 'mod/vm/lib/vm_validate.inc';
             View::View();
             //print_r($getvars);
             $vol_name = $getvars['vol_name'];
             //name to search by
             $vol_id = $getvars['vol_iden'];
             //Identification number to search by
             $loose = false;
             $soundslike = false;
             $start_date = $getvars['start_date'];
             //availability start
             $end_date = $getvars['end_date'];
             //availability end
             $skills_matching = $getvars['skills_matching'] == 'and_skills' ? VM_SKILLS_ALL : VM_SKILLS_ANY;
             //search for all or any of the skills present
             $unassigned = $getvars['unassigned'] == 'true';
             //true to search for only unassigned volunteers
             $assigning = $getvars['assigning'];
             //true if we are using the search to assign volunteers
             $advanced = $getvars['advanced'] == 'true';
             //true if we are using an advanced search
             $just_assigned_vol = $getvars['p_uuid'] != '' && $assigning;
             //true if we just assigned a volunteer to a project (nice to know if no results are found to not display an error)
             $date_constraint = $getvars['date_constraint'] == 'full_date';
             //true if we must check for availability for the entire date range specified, false to check for any portion of the data range
             $positions = $getvars['positions'];
             if ($assigning) {
                 $assigning_proj = $getvars['proj_id'];
             } else {
                 $assigning_proj = null;
             }
             $location = '';
             if (shn_vm_location_selected()) {
                 $location = shn_location_get_form_submit_loc();
             }
             $skills = array();
             $skill_ids = $dao->getSkillIDs();
             foreach ($skill_ids as $sk) {
                 if ($getvars["SKILL_{$sk}"] == 'on') {
                     $skills[] = $sk;
                 }
             }
             //if we're not using the search results to do assigning, open the form here so that all of our paging navigation
             //will also be part of the form
             if (!$assigning) {
                 $this->openSearchForm();
             }
             //Validate the fields
             if ($this->validateSearchForm($getvars)) {
                 //get the search results and display them
                 $results = $dao->getVolSearchResults($vol_id, $vol_name, $skills, $skills_matching, $start_date, $end_date, $location, $date_constraint, $unassigned, $loose, $soundslike, $assigning_proj);
                 $this->displaySearchResults($results, $assigning, $assigning_proj, $advanced, $just_assigned_vol, $positions);
             }
             if (!$assigning) {
                 $this->displaySearchForm($advanced, false);
             } else {
                 $this->displaySearchForm(true, true);
             }
             break;
         case 'display_single':
             $v = new Volunteer($getvars['p_uuid']);
             View::View($v);
             $this->displayVolunteer($getvars['p_uuid']);
             break;
         case 'process_remove_picture':
             $dao->deletePicture($dao->getPictureID($_GET['id']));
             View::View();
             if (empty($getvars['p_uuid'])) {
                 $this->addVolunteer();
             } else {
                 $this->addVolunteer(new Volunteer($getvars['p_uuid']));
             }
             break;
         case 'display_portal':
             View::View(new Volunteer($_SESSION['user_id']));
             $this->displayPortal();
             break;
         case 'display_report_all':
             View::View();
             $this->displayVolunteerReport($dao->getVolunteersForReport());
             break;
         case 'display_custom_report_select_for_mgrs':
             $this->displayCustomReportFilterForMgrs($dao->listProjects($_SESSION['user_id'], true, true));
             break;
         case 'display_custom_report_select':
             View::View();
             $projects = array('ALL_PROJECTS' => '(all)') + $dao->listProjects(null, false, true);
             $orgs = array('ALL_ORGS' => '(all)') + $dao->getOrganizations(true);
             $this->displayCustomReportFilter($projects, $orgs, $dao->getVolunteerNames(true));
             break;
         case 'display_custom_report':
             View::View();
             $extra_opts = array();
             $proj_id = null;
             $org_id = null;
             $vols = array();
             if (isset($getvars['proj_id']) && $getvars['proj_id'] != 'ALL_PROJECTS') {
                 $proj_id = $getvars['proj_id'];
                 $extra_opts['reportProjName'] = $dao->getProjectName($proj_id);
             }
             if (isset($getvars['org_id']) && $getvars['org_id'] != 'ALL_ORGS') {
                 $org_id = $getvars['org_id'];
                 $temp = $dao->getOrganizationInfo($org_id);
                 $extra_opts['reportOrgName'] = $temp['name'];
             }
             if (!empty($getvars['vols']) && is_array($getvars['vols'])) {
                 $extra_opts['reportingSpecificVolunteers'] = true;
                 $vols = $getvars['vols'];
             }
             $this->displayVolunteerReport($dao->getVolunteersForReport($proj_id, $org_id, $vols), $extra_opts);
             break;
         case 'display_modify_skills':
             $this->displayModifySkills();
             break;
         case 'process_add_skill':
             global $global;
             require_once $global['approot'] . 'mod/vm/lib/vm_validate.inc';
             if (empty($getvars['skill_desc']) || empty($getvars['skill_code'])) {
                 add_error(_('Please specify both a skill description and skill code'));
             } else {
                 //validate skill code length
                 if (strlen(trim($getvars['skill_code'])) < 4 || strlen(trim($getvars['skill_code'])) > 5) {
                     add_error(_('Skill code should be 4 - 5 letters'));
                 } else {
                     $find = array("/ *" . VM_SKILLS_DELIMETER . " */", "/^ +/", "/ +\$/");
                     $replace = array("-", '', '');
                     $description = preg_replace($find, $replace, $getvars['skill_desc']);
                     if (!$dao->addSkill($getvars['skill_code'], $description)) {
                         add_error(_('The specified skill code already exists. Please choose another'));
                     } else {
                         add_confirmation("Skill '{$description}' added");
                         unset($_POST);
                     }
                 }
             }
             $this->displayModifySkills();
             break;
         case 'process_remove_skill':
             if (!empty($_REQUEST['skills'])) {
                 foreach ($_REQUEST['skills'] as $code) {
                     $dao->removeSkill($code);
                     add_confirmation("Deleted {$code}");
                 }
             }
             $this->displayModifySkills();
             break;
         case 'display_approval_management':
             //currently only site manager approval is allowed, later credential approval will be added
             $this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
             break;
         case 'process_approval_modifications':
             //currently only site manager approval is allowed, later credential approval will be added
             $dao->updateAbilityStatus($getvars['vol_id'], 'MGR', isset($getvars['approve']));
             add_confirmation(_('Approval information has been updated'));
             $this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
             break;
         case 'process_approval_upgrades':
             //currently only site manager approval is allowed, later credential approval will be added
             $dao->updateAbilityStatus($getvars['vol_id'], 'MGR', true);
             add_confirmation(_('Approval information has been updated'));
             $this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
             break;
         case 'process_log_time':
             $start = strtotime($getvars['startDate'] . ' ' . $getvars['startTime']);
             if (empty($getvars['numHours'])) {
                 $end = strtotime($getvars['endDate'] . ' ' . $getvars['endTime']);
             } else {
                 $end = $start + $getvars['numHours'] * 60 * 60;
             }
             if (($e = validateShiftTimes($start, $end)) === VM_OK) {
                 if ($dao->logShift($getvars['p_uuid'], $getvars['pos_id'], $start, $end)) {
                     $this->displayConfirmation('Your time was logged successfully.');
                     $v = new Volunteer($getvars['p_uuid']);
                     View::View($v);
                     $this->displayVolunteer($getvars['p_uuid']);
                 } else {
                     add_error(_("There was a problem logging your time. Please go back and try again."));
                 }
             } else {
                 add_error(_("Error logging time:") . $e);
                 $this->showLogTime($getvars['p_uuid'], $getvars['pos_id']);
             }
             break;
         case 'review_hours':
             if (empty($getvars['proj_id'])) {
                 $this->displaySelectReviewHours();
             } else {
                 $this->displayReviewHours($getvars['proj_id']);
             }
             break;
         case 'process_review_hours':
             $this->dao->reviewShift($getvars['shift_id'], $getvars['status']);
             $this->displayReviewHours($getvars['p_uuid'], $getvars['pos_id']);
             break;
         default:
             if ($_SESSION['logged_in']) {
                 View::View(new Volunteer($_SESSION['user_id']));
                 $this->displayPortal();
             }
     }
 }
Example #3
0
 /**
  * Handles control for all administrative functions
  */
 public function controlHandler($getvars)
 {
     //first authorize the user
     $ac = new AccessController($getvars);
     if (!$ac->isAuthorized()) {
         return;
     }
     View::View();
     $this->displayAdminHMenu();
     global $dao;
     switch ($getvars['vm_action']) {
         case 'display_acl_situations':
             $this->displayAdminACL($dao->getAccessRequestsForDisplay());
             break;
         case 'display_acl_modify':
             if (empty($getvars['request'])) {
                 add_error(SHN_ERR_VM_NO_REQUEST);
                 $this->displayAdminACL($dao->getAccessRequestsForDisplay());
             } else {
                 $split = preg_split("/&/", $getvars['request']);
                 $act = $split[0];
                 $vm_action = $split[1];
                 $this->displayAdminACLModify($act, $vm_action, $dao->getAccessRequestDescription($act, $vm_action), $dao->getSpecificAccessRequestConstraints($act, $vm_action), $dao->getPossibleAccessConstraints(), $dao->getDBTables());
             }
             break;
         case 'process_update_phonetics':
             $dao->updatePhonetics();
             add_confirmation(_('The Search Registry has been updated.'));
             $this->displayDefaultAdminPage();
             break;
         case 'process_acl_modifications':
             $dao->removeConstraints($getvars['acl_act'], $getvars['acl_vm_action']);
             //first update the special constraints
             $possible_constraints = $dao->getPossibleAccessConstraints();
             foreach ($possible_constraints as $code => $description) {
                 if ($getvars["constraint_{$code}_req"] == 'on') {
                     $dao->addConstraint($getvars['acl_act'], $getvars['acl_vm_action'], $code);
                 }
             }
             //now update the data classification constraints
             $tables = array();
             foreach ($getvars as $name => $value) {
                 $matches = array();
                 if ($value == 'on' && preg_match("/table_(\\w+|_)_req_(\\w)/", $name, $matches)) {
                     //arrange the permissions into the 'crud' format
                     $table_name = $matches[1];
                     $permission = $matches[2];
                     if (!isset($tables[$table_name])) {
                         $tables[$table_name] = $permission;
                     } else {
                         $current_permissions = $tables[$table_name];
                         if ($permission == 'c') {
                             $tables[$table_name] = 'c' . $current_permissions;
                         } else {
                             if ($permission == 'r') {
                                 if (substr_count($tables[$table_name], 'c') > 0) {
                                     $tables[$table_name] = 'cr' . substr($current_permissions, 1);
                                 } else {
                                     $tables[$table_name] = 'r' . $current_permissions;
                                 }
                             } else {
                                 if ($permission == 'u') {
                                     if (substr_count($tables[$table_name], 'd') > 0) {
                                         $tables[$table_name] = substr($current_permissions, 0, strlen($current_permissions) - 1) . 'ud';
                                     } else {
                                         $tables[$table_name] = $current_permissions . 'u';
                                     }
                                 } else {
                                     //($permission == 'd')
                                     $tables[$table_name] = $current_permissions . 'd';
                                 }
                             }
                         }
                     }
                 }
             }
             $dao->updateClassificationConstraints($getvars['acl_act'], $getvars['acl_vm_action'], $tables);
             add_confirmation(_('Access control modifications have been saved'));
             $this->displayAdminACL($dao->getAccessRequestsForDisplay());
             break;
         case 'process_clear_cache':
             $this->engine->clear_cache();
             add_confirmation(_('Template cache has been cleared'));
             $this->displayDefaultAdminPage();
             break;
         case 'process_audit_acl':
             global $global;
             //first process any changes if necessary
             if ($getvars['process_action'] != '') {
                 if ($getvars['process_action'] == 'add_request') {
                     $dao->addAccessRequest($getvars['request_act'], $getvars['request_vm_action'], $getvars['request_desc']);
                 } else {
                     if ($getvars['process_action'] == 'remove_request') {
                         $dao->removeAccessRequest($getvars['request_act'], $getvars['request_vm_action']);
                     } else {
                         $dao->classifyTable($getvars['table_to_classify'], $getvars['classification_level']);
                     }
                 }
                 add_confirmation(_('ACL settings have been updated.'));
             }
             $path = $global['approot'] . 'mod/vm/controller/';
             //an array for all controller files to test with each key being the 'act' URL parameter associated with it
             $files = array('adm_default' => 'AdminController.php', 'project' => 'ProjectController.php', 'volunteer' => 'VolunteerController.php');
             //an array to store all act and vm_action combinations that are not in the database
             $bad_requests = array();
             $current_requests = $dao->getAccessRequests();
             foreach ($files as $act => $file_name) {
                 $handle = fopen($path . $file_name, 'r');
                 $contents = fread($handle, filesize($path . $file_name));
                 //temporary, should restrict results to within controlHandler() function
                 preg_match_all("/case\\s+('|\")(\\w+)('|\")\\s*?:/", $contents, $cases);
                 foreach ($cases[2] as $vm_action) {
                     if (isset($current_requests[$act])) {
                         if (isset($current_requests[$act][$vm_action])) {
                             unset($current_requests[$act][$vm_action]);
                         } else {
                             $bad_requests[] = array('act' => $act, 'vm_action' => $vm_action);
                         }
                     } else {
                         $bad_requests[] = array('act' => $act, 'vm_action' => $vm_action);
                     }
                 }
                 //ignore default cases that aren't referenced because they will get picked up by the controller's default action
                 unset($current_requests[$act]['default']);
                 if (empty($current_requests[$act])) {
                     unset($current_requests[$act]);
                 }
                 fclose($handle);
             }
             //now look for any unclassified tables/views
             $tables = $dao->getDBTables();
             $unclassified_tables = array();
             foreach ($tables as $table) {
                 if (substr($table, 0, 3) == 'vm_') {
                     if (!$dao->isClassified($table)) {
                         $unclassified_tables[] = $table;
                     }
                 }
             }
             //display the information
             $this->displayACLAudit($bad_requests, $current_requests, $unclassified_tables, $dao->getDataClassificationLevels());
             break;
         default:
             $this->displayDefaultAdminPage();
             break;
     }
 }
Example #4
0
 /**
  * Write the generated content in to the .htaccess file.
  * 
  * @param   String  $fileContent    The content for the file.
  */
 private function _writeToHtaccessFile($fileContent)
 {
     $htaccessFile = fopen($this->_appRoot . self::HTACCESS_FILE_RELATIVE_PATH, 'w+');
     if (fwrite($htaccessFile, $fileContent)) {
         add_confirmation(_t("Successfully wrote .htaccess file. Please ensure that Apache mod_rewrite is enabled."));
     } else {
         add_error(_t("Failed to write .htaccess file"));
     }
     fclose($htaccessFile);
 }
Example #5
0
function shn_main_front_controller()
{

    global $global;
    global $conf;

    $action = $global['action'];
    $module = $global['module'];


    // check if we should enable database logging....
    if (isset($conf['enable_monitor_sql']) && $conf['enable_monitor_sql'] == true) {
        $global['db']->LogSQL();
    }
    // are we streaming PLUS SOAP Services?
    if (isset($_REQUEST['wsdl'])) {
        shn_main_plus_server();
        exit();
    }

    // is the user confirming an account registration?
    if (isset($_REQUEST['register'])) {
        shn_main_plus_register();
        exit();
    }

    // are we straming anything else?
    if (isset($_REQUEST['stream'])) {
        $stream = "_" . $_REQUEST['stream'];
    } else {
        $stream = null;
    }

    // check if the appropriate stream library exists
    if (array_key_exists('stream', $_REQUEST) && file_exists($global['approot'] . '/inc/lib_stream' . $stream . '.inc')) {
        require_once($global['approot'] . '/inc/lib_stream' . $stream . '.inc');

        // else revert to the html stream
    } else {
        if (array_key_exists('stream', $_REQUEST)) {
            add_error(_t('The stream requested is not valid.'));
        }
        require_once($global['approot'] . "/inc/lib_stream_html.inc");
        $stream = null;
    }

    // Redirect the module based on the action performed
    // redirect admin functions through the admin module
    if (preg_match('/^adm/', $action)) {
        $global['effective_module'] = $module = 'admin';
        $global['effective_action'] = $action = 'modadmin';
    }


    // fixes the security vulnerability associated with null characters in the $module string
    $module = str_replace("\0", "", $module);


    // load stream file if exists...
    $module_stream_file = $global['approot'] . 'mod/' . $module . '/stream.inc';
    if (file_exists($module_stream_file)) {
        include_once($module_stream_file);
    }
    // identify the correct module file based on action and module
    $module_file = $global['approot'] . 'mod/' . $module . '/main.inc';

    // check if module exists (modules main.inc)
    if (file_exists($module_file)) {
        include_once($module_file);
    } else {
        // default to the home page if the module main does not exist
        add_error(_t('The requested module is not installed in Vesuvius'));
        $module = 'home';
        $action = 'default';
        include_once($global['approot'] . 'mod/home/main.inc');
    }

    // identify the name of the module function based on the action, stream and module
    $module_function = 'shn' . $stream . '_' . $module . '_' . $action;

    // if function does not exist re-direct
    if (!function_exists($module_function)) {

        // try to see if there is a generic Xstream function instead
        $module_function = 'shn_XST_' . $module . '_' . $action;

        if (!function_exists($module_function)) {

            // display the error on the relevant stream
            if ($stream == null) {
                add_error(_t('The action requested is not available'));
                $module_function = 'shn_' . $module . '_default';
            } else {
                // if this does not exist display the error in the html homepage
                add_error(_t('This action does not support the stream type.'));
                $module_function = "display_errors"; // just display the errors
            }
        }
    }

    // list of exceptions generated by calling the function.
    $global['exception_list'] = array();

    // initialize stream based on selected steam POST value this includes the inclusion of various sections in XHTML including the HTTP header,content header, menubar, login
    shn_stream_init();

    if ($stream == null) {

        if ((($global['action'] == 'signup2') || ($global['action'] == 'signup') || ($global['action'] == 'forgotPassword') || ($global['action'] == 'loginForm')) && ($global['module'] = 'pref')) {
            if (shn_acl_is_signup_enabled()) {
                $module_function();
            }
        } else {
            // if not a self-signup action
            $allowed_mods = shn_get_allowed_mods_current_user();

            // check if requested module is within users allowed modules
            $res = array_search($module, $allowed_mods, false);

            if (false !== $res) {
                if (shn_acl_check_perms($module, $module_function) == ALLOWED) {
                    // check if the user just logged in.... request_time = session expiry, if so, great them! :)
                    $q = "
						SELECT count(*)
						FROM sessions
						WHERE expiry = '" . mysql_real_escape_string($_SERVER['REQUEST_TIME']) . "';
					";
                    $result = $global['db']->Execute($q);
                    //if($result === false) { daoErrorLog(__FILE__, __LINE__, __METHOD__, __CLASS__, __FUNCTION__, $global['db']->ErrorMsg(), "getEventListUser 1"); }
                    if ($result->fields["count(*)"] == '1') {
                        add_confirmation("Login successful");
                    }
                    $module_function();
                } else {
                    shn_error_display_restricted_access();
                }
            } else {
                shn_error_display_restricted_access();
            }
        }

    } else {
        // if the steam is not HTML
        $allowed_mods = shn_get_allowed_mods_current_user();

        // check if requested module is within users allowed modules
        $res = array_search($module, $allowed_mods, false);

        // hack for messaging module receive function
        $res = ($stream = 'text' & $action = 'receive_message') ? true : $res;
        if (false !== $res) {
            if (shn_acl_check_perms($module, $module_function) == ALLOWED) {
                $module_function();
            } else {
                add_error(shn_error_get_restricted_access_message());
            }
        } else {
            add_error(shn_error_get_restricted_access_message());
        }
    }

    // close up the stream. In HTML send the footer
    shn_stream_close();
}
Example #6
0
 /**
  * The function that decides what to do and which page to view.
  *
  * @param $getvars an associative array, representing the GET variables
  *                 from the URL
  * @return void
  */
 function controlHandler($getvars)
 {
     global $dao, $global;
     include_once $global['approot'] . 'inc/lib_location.inc';
     //first authorize the user
     $ac = new AccessController($getvars);
     if (!$ac->isAuthorized()) {
         return;
     }
     // temporary, to support older 'action' instead of 'vm_action'
     $vm_action = $getvars['vm_action'] ? $getvars['vm_action'] : $getvars['action'];
     switch ($vm_action) {
         case 'display_single':
             $p = new Project($getvars['proj_id']);
             $this->displayProject($p);
             break;
         case 'display_add':
             $this->addProject();
             break;
         case 'display_edit':
             $this->addProject(new Project($getvars['proj_id']));
             break;
         case 'display_closure_edit':
             if ($dao->isSiteManagerForProject($_SESSION['user_id'], $getvars['proj_id'])) {
                 if (!empty($_POST)) {
                     $dao->saveClosureReport($getvars['proj_id'], $_POST);
                     $this->displayConfirmation(_('Changes Saved.'));
                     echo '<script type="text/javascript">';
                     echo 'setTimeout(\'location.href="?mod=vm&act=project&vm_action=display_closure_report&proj_id=' . $getvars['proj_id'] . '"\',1500);';
                     echo '</script>';
                 } else {
                     $this->editClosure($getvars['proj_id']);
                 }
             }
             break;
         case 'display_closure_report':
             $this->viewClosure($getvars['proj_id']);
             break;
         case 'display_closure_reports':
             $this->listClosureReports();
             $this->showPagingNavigation("index.php?mod=vm&amp;act=project&amp;vm_action=display_closure_reports");
             break;
         case 'process_add':
             $p = new Project($getvars['proj_id']);
             $p->info['name'] = $getvars['name'];
             $p->info['description'] = $getvars['description'];
             $p->info['start_date'] = $getvars['start_date'];
             $p->info['end_date'] = $getvars['end_date'];
             $p->info['mgr_id'] = $getvars['manager'];
             $p->info['locations'] = array();
             shn_get_parents(shn_location_get_form_submit_loc(), $p->info['locations']);
             if ($this->validateAddForm($getvars)) {
                 $p->save();
                 $this->displayConfirmation(_('Changes Saved.'));
                 $this->displayProject($p);
             } else {
                 $this->addProject();
             }
             break;
         case 'process_delete':
             $p = new Project();
             $p->delete($getvars['proj_id']);
             View::View();
             $this->displayConfirmation('The requested Project was deleted.');
             $this->listProjects();
             $this->showPagingNavigation("index.php?mod=vm&amp;act=project&amp;vm_action=default");
             break;
         case 'display_confirm_delete':
             View::View();
             $this->confirmDelete($getvars['proj_id']);
             break;
         case 'display_select_project':
             View::View();
             if ($dao->isSiteManager($_SESSION['user_id']) && !$ac->dataAccessIsAuthorized(array('vm_proj_vol' => 'ru'), false)) {
                 $projects = $dao->listProjects($_SESSION['user_id'], true);
             } else {
                 $projects = $dao->listProjects();
             }
             $this->displaySelectProjectForAssignmentForm($projects);
             break;
         case 'display_assign':
             View::View();
             if ($getvars['proj_id'] == '') {
                 add_error(SHN_ERR_VM_NO_PROJECT);
                 //if the user is just a site manager who got here due to overriding access control, only display his projects, otherwise display all
                 if ($dao->isSiteManager($_SESSION['user_id']) && !$ac->dataAccessIsAuthorized(array('vm_vol_position' => 'ru'), false)) {
                     $projects = $dao->listProjects($_SESSION['user_id'], true);
                 } else {
                     $projects = $dao->listProjects();
                 }
                 $this->displaySelectProjectForAssignmentForm($projects);
             } else {
                 if ($this->validateAssignForm($getvars)) {
                     $p_uuid = $this->getAssigningVolId($getvars);
                     $dao->assignVolunteerToPosition($p_uuid, $getvars['pos_id_' . $p_uuid]);
                     add_confirmation(_('Volunteer has been successfully assigned'));
                 }
                 $p = new Project($getvars['proj_id']);
                 $this->assignVol($getvars['proj_id'], $p->positions);
             }
             break;
         case 'process_remove_from_project':
             $dao->deleteFromProject($getvars['p_uuid'], $getvars['proj_id']);
             $p = new Project($getvars['proj_id']);
             $this->displayProject($p);
             break;
         case 'display_my_list':
             $this->listProjects($_SESSION['user_id']);
             $this->showPagingNavigation("index.php?mod=vm&amp;act=project&amp;vm_action=display_my_list");
             break;
         case 'display_coming_list':
             echo _('The items listed below are projects that will start from today or after today.');
             echo '<div align="right"><a href="?mod=vm&amp;act=project">' . _('View all projects') . '</a></div>';
             $this->listComingProjects();
             $this->showPagingNavigation("index.php?mod=vm&amp;act=project&amp;vm_action=display_coming_list");
             break;
         case 'process_add_position':
             if ($getvars['pos_id'] != null) {
                 $p = new Position($getvars['pos_id']);
             } else {
                 $p = new Position();
             }
             $p->proj_id = $getvars['proj_id'];
             $p->ptype_id = $getvars['ptype_id'];
             $p->description = $getvars['description'];
             $p->title = $getvars['title'];
             $p->numSlots = $getvars['numSlots'];
             $p->payrate = $getvars['payrate'];
             if ($this->validateAddPosition($getvars)) {
                 $dao->savePosition($p);
                 //$this->displayConfirmation("Position assignment has been added to {$p->position_title}");
                 $this->controlHandler(array('vm_action' => 'display_single', 'proj_id' => $p->proj_id));
             } else {
                 $this->addPosition($p);
             }
             break;
         case 'add_position':
             //this case only displays the form to add/edit a position
             if ($getvars['pos_id']) {
                 $p = new Position($getvars['pos_id']);
             } else {
                 $p = new Position();
             }
             if (isset($getvars['proj_id'])) {
                 $p->proj_id = $getvars['proj_id'];
             }
             $this->addPosition($p);
             break;
         case 'remove_position':
             $dao->removePosition($getvars['pos_id']);
             $this->controlHandler(array('vm_action' => 'display_single', 'proj_id' => $getvars['proj_id']));
             break;
         default:
             echo '<div align="right"><a href="?mod=vm&amp;act=project&amp;vm_action=display_coming_list">' . _('View coming projects') . '</a></div>';
             $this->listProjects();
             $this->showPagingNavigation("index.php?mod=vm&amp;act=project&amp;vm_action=default");
             break;
     }
 }